public function validateSignature($orig, $sig, $pk) { // Bob verifies and removes the signature $msg_orig = \Sodium::crypto_sign_open($sig . $orig, $pk); $check = $msg_orig !== false; if (!$check) { var_dump($orig); var_dump(base64_encode($sig)); var_dump(base64_encode($pk)); } return $check; }